我在准备好的语句中遇到问题,试图阻止数据库中的sql注入,因此我尝试应用准备好的语句,但我认为我有问题
这是collector_db.php
<?php
require 'connection.php';
$username = $_POST["username"];
$password = $_POST["password"];
$repassword = $_POST["repassword"];
$email = $_POST["email"];
$surname = $_POST["surname"];
$fname = $_POST["fname"];
$mname = $_POST["mname"];
if($password == $repassword){
global $dbConnection;
$mysql_qry = $dbConnection->prepare("insert into account_info(surname,firsname,middlename,username,pass,email) VALUES (?,?,?,?,?,?);");
$mysql_qry- >bind_param('ssssss','$surname,$fname,$mname,$username,$password,$email');
$mysql_qry->execute();
if ($connect->query($mysql_qry)=== TRUE){
echo "<script language='javascript'>";
echo "alert('Registration Success');";
echo "window.close();";
echo "</script>";
$mysql_qry->close();
$conn->close();
}
else{
echo "REGISTRATION failed".$mysql_qry."<br>". $connect->error;
echo "<script language='javascript'>";
echo "alert('Registration Failed');";
echo "</script>";
}
}
elseif($password != $repassword){
echo 'Password doesnt Match';
}
elseif($username == "" || $password == "" || $email == "" || $surname == "" || $fname == "" || $mname == "" || $repassword == ""){
echo "<script language='javascript'>";
echo "alert('Some of the Textfields is null');";
echo "</script>";
}
else {
echo "<script language='javascript'>";
echo "alert('Error');";
echo "</script>";
}
?>
谢谢您的帮助 :)
之间的空间$mysql_qry-,并>在执行查询的两个时间if ($connect->query($mysql_qry)=== TRUE){,并$connect在你的代码是未定义
只需执行一次
$mysql_qry = $dbConnection->prepare("insert into account_info(surname,firsname,middlename,username,pass,email) VALUES (?,?,?,?,?,?);");
$mysql_qry->bind_param('ssssss', $surname,$fname,$mname,$username,$password,$email);// remove quotes form here
if ($mysql_qry->execute()) {
echo "<script language='javascript'>";
echo "alert('Registration Success');";
echo "window.close();";
echo "</script>";
$mysql_qry->close();
}
删除这部分 if ($connect->query($mysql_qry)=== TRUE){...
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句